ARTICLE
20 May 2026

From Answers To Action: How To Prepare For The Arrival Of AI Agents

Herbert Smith Freehills Kramer LLP

The next stage of artificial intelligence is here, with a new generation of autonomous and adaptable platforms. But with increased scope comes greater risk.

Key takeaways

  1. Agentic AI has arrived, with agents able to search, decide and execute across digital systems.
  2. The increased scope of agentic AI poses significant privacy and cyber security risks through prompt injection and interference with training data.
  3. Regulators are beginning to define agentic AI as a prelude to understanding how the technology fits existing frameworks, while some regions are exploring targeted rules.
  4. Rigorous governance around agentic AI is essential, including providing digital IDs distinct from employees, establishing action gates, and implementing processes which provide greater transparency on agentic decision-making.
  5. As AI platforms begin to align, the technology will be applied more widely across the economy through agentic systems.

Technologists have not been shy about making bold claims regarding the transformative potential of generative AI, and even jaded observers have been struck by the technology’s rapid development since it became ubiquitous in 2023. But already, in just three years, the next stage of AI development has arrived, with 'agentic AI' the new buzzword. Unlike the first era of generative AI chatbots, which provide answers, AI agents provide action – by searching, deciding and executing across digital systems.

"We now have clear examples of what agentic AI is," says Sydney-based HSF Kramer technology lawyer Raymond Sun. "For two years we've seen spruced-up chatbots, but now we have platforms such as Claude Code, Codex, Google AI Studio and Copilot Studio."

"They live in your terminal and access, edit and read files and look at databases and run tests for you. They're much more than a typical chatbot, they're true agentic systems."

There are clear commercial considerations for platforms with such system-wide scope. Vendors could begin monetising beyond AI subscriptions into continuous activity: instead of charging for access, suppliers could charge for completed transactions or executed workflows. 

Changes in commercial models may impact how businesses engage with agentic AI. But the more immediate challenge is understanding how this version of the technology fits into existing governance and risk management regimes.

How does agentic AI exacerbate traditional AI risks?

While agentic AI represents the next frontier in the technology's development, it also horizontally escalates the risks for user businesses.

This means a poorly governed AI agent could cause as much harm as an employee acting in a way that does not benefit the business, only much faster and on a larger scale. It's a sobering perspective.

The technology can also be weaponised by malevolent actors, with a rogue agent able to interact with other agents to automate many of the operations required to carry out large cyberattacks, including vulnerability scanning, credential harvesting, exploitation and data analysis. 

Moreover, for all AI's capabilities, the technology can be surprisingly porous: a subtle change in a prompt or data can cause significant changes in behaviour.

"Ultimately, these agents are LLMs wrapped in orchestration layers and given tooling," points out London-based HSF Kramer technology lawyer and software developer Jamie Ball. "If you convince the LLM at the root of the agent that something should be done and that thing is false, that's a huge attack surface you can provide as a malicious actor. This prompt injection issue is a significant cybersecurity risk." 

There are also significant privacy concerns. Agents are delegated tasks through access to credentials, such as emails, calendars, HR systems and even credit card information. 

This access, combined with the technology's impressive long-term memory, means there is potential for significant exchanges of data when agents interact with one another to perform tasks. And when things go wrong, the complexity of the systems involved often makes it difficult to explain or track – itself a major regulatory concern.

“By definition agents are more autonomous – they take decisions by themselves and adapt based on those decisions,” says Paris-based partner Emmanuel Ronco, Co-Head of TMT Corporate Europe at HSF Kramer. “That will raise a big challenge for organisations, particularly from a privacy point of view. You will need some reversibility by design and human oversight to verify what the agent has done.”

How can businesses mitigate the risk?

Businesses using agentic AI must strike a balance between the permissions granted to the technology to drive efficiency and the safeguards required to protect systems and data. 

Put simply, the more permissions, the greater the risk. But there are ways of mitigating this risk, according to Iria Calviño, head of our public law, regulatory and environment practice in Madrid. 

“There are many different things companies could do, depending on the agents they use,” says Iria. “But one thing is absolutely crucial: the agent needs to have its own distinct digital identity. It cannot simply inherit the employee's credentials, and there must be mandatory human approvals, for instance when you're making a payment or engaging in external communication.”

“There must also be compartments of information that the agent cannot access to answer the query of another agent – governance needs to take those things into account.”

Action-gating agents means predefining where the human must be involved and ensuring supervision, making the work done by agents more deterministic. 

Other measures, including chain-of-thought reasoning, system logs and API-level monitoring, can all improve transparency, but do not guarantee full insight into an agent's actions, particularly for non-deterministic agents.

"AI governance and the way we think about risk management needs to evolve from more than just paper-based policies to also include more continuous and dynamic controls. Technical monitoring, controls and security built into the design of the agents and their action space is essential," stresses Katherine Gregor, a Melbourne-based partner specialising in technology transactions and data.

What has been the regulatory response to agentic AI?

Regulators around the world are beginning to define agentic AI, but Singapore remains the only region to issue targeted guidance so far, with the Media Development Authority producing a bespoke framework for agentic AI governance.

However, privacy regulators are beginning to take a more active interest, particularly in Spain, according to Calviño. "The Spanish Data Protection Agency has issued specific guidance on the relationship between privacy and the use of agentic AI – it is one of the few regulators to have moved proactively in this space, and that reflects how seriously the privacy implications of autonomous systems are being treated at a national level."

Regulators will be keen to capture agentic AI under existing AI-focused regulatory frameworks, including the EU AI Act and the Colorado AI Act. Agentic AI systems that interact with individuals will likely be captured by existing AI communications and chatbot laws. 

In Australia, while there is no specific AI regulation, regulators are keenly aware of risks posed by agentic AI. In a recent speech, the Australian Securities and Investments Commission (ASIC) noted that “the arrival of agentic AI raises the stakes significantly. Agentic AI is not just another moment of technological upheaval – it will be an inflection point in how organisations manage risk. With it comes greater autonomy and unpredictability, new harms that can arise from autonomous decision‑making, and new risks that can be accentuated from existing governance gaps. This is a risk that every director needs to get on top of”.

Moreover, agents focused on a specific subject – such as employment, workplace health and safety, healthcare, insurance, etc – will fall within subject-specific AI regulation.

Though it remains to be seen precisely how this existing AI regulation will capture agentic technology and whether additional rules will be drafted in response, there are certain regulatory fundamentals of which any business must be aware. 

"The bottom line is regulators expect that if your system can act, then you need to be able to supervise, audit and stop it," warns Ball. "That hasn't really changed between 2023 generative AI and the agentic systems we see today."

Organisations are now better informed on what to demand from vendors, who will be expected to include certain measures by design, such as the ability to block decisions made by agents, echoing some of the 'privacy by design' expectations which followed the introduction of GDPR. Vendors will also be asked to help with action-gating, kill switches and improving the observability and auditability required for incident response. 

What's next in agentic AI?

As the power of AI models begins to equalise, many expect horizontal rather than vertical progress and, while we may only be at the lower slopes of the technology, for many this is what is meant by the agentic era. 

The challenge for businesses adopting agentic AI will be understanding how this ability to make numerous micro-actions across different systems can rapidly compound risk, particularly in areas of privacy, cyber security and external-facing functions such as customer service, where there is potential for reputational damage.

"These agents can communicate with each other, they have the interfaces and the autonomy to do so – and that inter-agent interaction significantly compounds the risks around privacy, cybersecurity and accountability," concludes Calviño. "2023 was the age of the chatbot and 2025 started with agents – it has arrived, and businesses need to be ready."

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
